Malware Analysis – Malhare.exe | AoC 2025 Day 21 | TryHackMe | Beginner Friendly

Advent of Cyber 2025 – Day 21: Malhare.exe!
Wareville’s systems are under pressure once again. Several elves report strange behaviour on their laptops — and one thing links them all together:
a seemingly harmless salary survey sent via email 📧🐰

Behind the scenes, King Malhare has weaponised an HTA (HTML Application) file to hide malicious behaviour in plain sight. What looks like a simple survey is actually a launcher designed to gather system information and execute hidden code.

Today’s challenge focuses on malware analysis and forensics, teaching how analysts safely inspect suspicious files without executing them.

In this walkthrough, we cover:

• What HTA files are and why they exist
• How attackers abuse HTAs for malware delivery
• The structure of HTA files (HTML, scripts, logic)
• Identifying obfuscation, encoding, and hidden behaviour
• How analysts trace execution flow and data exfiltration
• Why social engineering plays a key role in malware success

This challenge builds essential skills used in malware analysis, SOC investigations, and incident response — helping defenders understand what a file really does before it’s too late.

Everything is explained clearly and step‑by‑step so beginners can follow confidently and safely.

Follow the AOC 2025 playlist to keep learning a new cybersecurity skill every day this December! 🎄🔐✨

#adventofcyber #aoc2025 #tryhackme #malwareanalysis #HTA #blueteam #cybersecurityforbeginners #infosec